The Data Protection Commissioner is to refer Facebook’s data transfer mechanisms to the European Court of Justice, posing a new legal threat to data transfers to the US by companies such as Facebook and Google.
The move follows an investigation into Facebook's transfer of European Union users' data to the United States to ensure that personal privacy is properly protected from US government surveillance.
Facebook, like many other tech companies, has its European headquarters in Dublin and is regulated by DPC.
The DPC is asking the ECJ to determine the validity of Facebook's so-called "model contracts" - common legal arrangements used by thousands of firms to transfer personal data outside the 28-nation EU.
Its investigation into the California-based company was ordered by Ireland's High Court in October after the ECJ struck down Safe Harbour, an EU-US agreement that had allowed the free transfer of data between the EU and the United States.
The ECJ ruled the agreement did not sufficiently protect Europeans' information against US surveillance.
Transfers of Europeans' personal information to the US have been a hot topic since 2013 revelations about mass US surveillance programmes such as Prism, which allowed US authorities to harvest private information directly from big tech companies such as Apple, Facebook and Google.
Since the ECJ ruling, companies have had to rely on model contracts and other, more cumbersome, measures to transfer Europeans' data to the United States in compliance with strict EU data privacy rules.
"Thousands of companies transfer data across borders to serve their customers and users," a spokeswoman for Facebook said. "The question the Irish DPC plans to raise with the court regarding standard contract clauses will be relevant to many companies operating in Europe," she said, adding that Facebook has a number of legal ways of moving data to the US.
The ECJ ruling in October stemmed from a complaint by Austrian law student and privacy activist Max Schrems.
He challenged Facebook's transfers of European users' data to its American servers, citing the risk of US snooping.
In a statement, the DPC said: "We continue to thoroughly and diligently investigate Mr Schrems' complaint to ensure the adequate protection of personal data.
"We yesterday informed Mr Schrems and Facebook of our intention to seek declaratory relief in the Irish High Court and a referral to the [ECJ] to determine the legal status of data transfers under Standard Contractual Clauses.
"We will update all relevant parties as our investigation continues."
One of the reasons the ECJ struck down Safe Harbour is because the agreement did not offer EU citizens sufficient channels to complain about US surveillance.
Mr Schrems and other privacy campaigners contend that alternative arrangements such as model clauses do not offer Europeans any means of redress either.
"There is no way that the [ECJ] can say that model contracts are valid if they killed Safe Harbour based on the existence of these US surveillance laws," Mr Schrems said in a statement this afternoon.
After the ECJ ruling in October, the EU Commission and the United States rushed to hash out a new data-sharing agreement, the Privacy Shield, which they are hoping to have up and running by the end of June.
However, EU privacy watchdogs have raised a number of concerns with the framework, heightening fears that it might not withstand a court challenge.